Vulnerability

PoC Exploit Targeting Apache Struts Surfaces on GitHub

Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2. Proof-of-concept exploit code...

High-Severity TinyMCE Cross-Site Scripting Flaw Fixed

The cross-site scripting flaw could enable arbitrary code execution, information disclosure – and even account takeover. A high-severity flaw has been disclosed in TinyMCE, an...

Amazon Alexa ‘One-Click’ Attack Can Divulge Personal Data

Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices. Vulnerabilities in Amazon’s Alexa virtual...

Citrix Warns of Critical Flaws in XenMobile Server

Citrix said that it anticipates malicious actors “will move quickly to exploit” two critical flaws in its mobile device management software. Citrix is urging users...

Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules

A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and compute modules. Intel is warning of a rare critical-severity vulnerability affecting several of...

Cloud Security

Phishing attack hid in Google Cloud Services

Details of a phishing attack concealed in Google Cloud Services point to a fast-growing trend that has hackers disguising malicious activities in cloud service providers....

COVID-19 accounts for most 2020 cyberattacks

The pandemic has served as a catalyst for much of the hacking increases during the first half of 2020, with weekly COVID-19-related phishing attacks growing...

Apple’s App Store found housing third-party app store

The proprietor of at least one third-party app store was found using a new method of subterfuge enabling the store to be legitimately placed inside...

Countdown to 7 April: hackers struggle to get iCloud threats straight

Confusion abounds over the iCloud hack as 7 April draws closer. Security experts are increasingly doubtful whether the claims made by a group known as...

Data breach exposes about 4 million Time Warner Cable customer records

Time Warner Cable, now known as Spectrum, became the latest company to realize exactly how vulnerable its data is when a third-party vendor entrusted with...

ISPs underestimate value of security, core demand for 71% of enterprises

There is a disconnect between how much enterprises care about Internet security and what service providers think these customers value according to a new survey by the Internet...